aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_peer/eap_gpsk.c
Commit message (Collapse)AuthorAgeFilesLines
* EAP-GPSK: Pass EAP identifier instead of full requestJouni Malinen2015-05-031-12/+15
| | | | | | | This simplifies analysis of areas that get access to unverified message payload. Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP peer: Clear keying material on deinitJouni Malinen2014-07-021-2/+5
| | | | | | | | | Reduce the amount of time keying material (MSK, EMSK, temporary private data) remains in memory in EAP methods. This provides additional protection should there be any issues that could expose process memory to external observers. Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-GPSK: Use os_memcmp_const() for hash/password comparisonsJouni Malinen2014-07-021-1/+1
| | | | | | | | | This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-GPSK: Clean up CSuite_List length validation (CID 62854)Jouni Malinen2014-06-181-7/+11
| | | | | | | | | | Use a local variable and size_t in length comparison to make this easier for static analyzers to understand. In addition, set the return list and list_len values at the end of the function, i.e., only in success case. These do not change the actual behavior of the only caller for this function, but clarifies what the helper function is doing. Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP-GPSK: Report CSuite negotiation failure properlyJouni Malinen2014-01-071-0/+1
| | | | | | | | Setting methodState = DONE for the case where GPSK-1 is found to be invalid or incompatible allows EAP state machine to proceed to FAILURE state instead of remaining stuck until AP times out the connection. Signed-hostap: Jouni Malinen <j@w1.fi>
* EAP-GPSK: Allow forced algorithm selection to be configuredJouni Malinen2014-01-071-2/+18
| | | | | | | | | phase1 parameter 'cipher' can now be used to specify which algorithm proposal is selected, e.g., with phase1="cipher=1" selecting AES-based design and cipher=2 SHA256-based. This is mainly for testing purposes, but can also be used to enforce stronger algorithms to be used. Signed-hostap: Jouni Malinen <j@w1.fi>
* EAP peer: Add Session-Id derivationStevent Li2013-02-081-2/+36
| | | | | | | | This adds a new getSessionId() callback for EAP peer methods to allow EAP Session-Id to be derived. This commits implements this for EAP-FAST, EAP-GPSK, EAP-IKEv2, EAP-PEAP, EAP-TLS, and EAP-TTLS. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove the GPL notification from files contributed by Jouni MalinenJouni Malinen2012-02-111-8/+2
| | | | | | | Remove the GPL notification text from the files that were initially contributed by myself. Signed-hostap: Jouni Malinen <j@w1.fi>
* Annotate places depending on strong random numbersJouni Malinen2010-11-231-1/+2
| | | | | | | | | | | | | This commit adds a new wrapper, random_get_bytes(), that is currently defined to use os_get_random() as is. The places using random_get_bytes() depend on the returned value being strong random number, i.e., something that is infeasible for external device to figure out. These values are used either directly as a key or as nonces/challenges that are used as input for key derivation or authentication. The remaining direct uses of os_get_random() do not need as strong random numbers to function correctly.
* Update EAP-GPSK references from internet draft to RFC 5433Jouni Malinen2009-02-261-1/+1
|
* Mark functions static if not used elsewhere and use proper prototypesJouni Malinen2009-01-031-19/+20
|
* Reject GPSK-3 if ID_Server in it does not match with the value in GPSK-1Jouni Malinen2008-11-231-0/+1
|
* Silenced compiler warnings on size_t printf format and shadowed variablesJouni Malinen2008-09-271-5/+8
|
* Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 releaseJouni Malinen2008-02-281-0/+732